Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-12856 |
|
Cross-Site Scripting (XSS) in c (CVE-2017-12856)
cross-site scripting in c (CVE-2017-12856). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-10844 |
|
Code Injection in basercms (CVE-2017-10844)
code injection in basercms (CVE-2017-10844). Successful exploitation can lead to full system takeover.
|
| CVE-2014-7860 |
|
Information Disclosure in d-link (CVE-2014-7860)
vulnerability in d-link (CVE-2014-7860). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-3211 |
|
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
|
| CVE-2015-4180 |
|
Path Traversal in path-traversal (CVE-2015-4180)
path traversal in path-traversal (CVE-2015-4180). Confidential information can be exposed externally.
|
| CVE-2015-4181 |
|
Path Traversal in path-traversal (CVE-2015-4181)
path traversal in path-traversal (CVE-2015-4181). Confidential information can be exposed externally.
|
| CVE-2017-13697 |
|
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
|
| CVE-2015-8352 |
|
Path Traversal in path-traversal (CVE-2015-8352)
path traversal in path-traversal (CVE-2015-8352). Successful exploitation can lead to full system takeover.
|
| CVE-2015-8355 |
|
SQL Injection in sqli (CVE-2015-8355)
SQL injection in sqli (CVE-2015-8355). Successful exploitation can lead to full system takeover.
|
| CVE-2017-13671 |
|
Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
cross-site scripting in misp (CVE-2017-13671). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9555 |
|
Cross-Site Scripting (XSS) in synology (CVE-2017-9555)
cross-site scripting in synology (CVE-2017-9555). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12679 |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
|
| CVE-2017-13669 |
|
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
|
| CVE-2017-12970 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-12970)
vulnerability in csrf (CVE-2017-12970). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12971 |
|
Cross-Site Scripting (XSS) in apache2triad (CVE-2017-12971)
cross-site scripting in apache2triad (CVE-2017-12971). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13137 |
|
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
|
| CVE-2017-12978 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-12978)
cross-site scripting in cacti (CVE-2017-12978). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12979 |
|
Cross-Site Scripting (XSS) in dokuwiki (CVE-2017-12979)
cross-site scripting in dokuwiki (CVE-2017-12979). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12980 |
|
Cross-Site Scripting (XSS) in dokuwiki (CVE-2017-12980)
cross-site scripting in dokuwiki (CVE-2017-12980). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12981 |
|
SQL Injection in sqli (CVE-2017-12981)
SQL injection in sqli (CVE-2017-12981). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12984 |
|
Cross-Site Scripting (XSS) in phpmywind (CVE-2017-12984)
cross-site scripting in phpmywind (CVE-2017-12984). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11366 |
|
OS Command Injection in codiad (CVE-2017-11366)
OS command injection in codiad (CVE-2017-11366). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12977 |
|
SQL Injection in wordpress (CVE-2017-12977)
SQL injection in wordpress (CVE-2017-12977). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12946 |
|
SQL Injection in wordpress (CVE-2017-12946)
SQL injection in wordpress (CVE-2017-12946). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12947 |
|
SQL Injection in wordpress (CVE-2017-12947)
SQL injection in wordpress (CVE-2017-12947). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12948 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-12948)
cross-site scripting in wordpress (CVE-2017-12948). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12949 |
|
SQL Injection in wordpress (CVE-2017-12949)
SQL injection in wordpress (CVE-2017-12949). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12776 |
|
SQL Injection in sqli (CVE-2017-12776)
SQL injection in sqli (CVE-2017-12776). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12680 |
|
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
|
| CVE-2017-12943 |
|
Path Traversal in path-traversal (CVE-2017-12943)
path traversal in path-traversal (CVE-2017-12943). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10665 |
|
Path Traversal in path-traversal (CVE-2017-10665)
path traversal in path-traversal (CVE-2017-10665). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12932 |
|
Use-After-Free in CVE-2017-12932 (CVE-2017-12932)
vulnerability in CVE-2017-12932 (CVE-2017-12932). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12933 |
|
Out-of-Bounds Read in CVE-2017-12933 (CVE-2017-12933)
vulnerability in CVE-2017-12933 (CVE-2017-12933). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12934 |
|
Use-After-Free in CVE-2017-12934 (CVE-2017-12934)
vulnerability in CVE-2017-12934 (CVE-2017-12934). Data can be tampered with by attackers.
|
| CVE-2017-12927 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2017-12927)
cross-site scripting in cacti (CVE-2017-12927). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12907 |
|
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
|
| CVE-2017-12908 |
|
SQL Injection in sqli (CVE-2017-12908)
SQL injection in sqli (CVE-2017-12908). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12909 |
|
SQL Injection in sqli (CVE-2017-12909)
SQL injection in sqli (CVE-2017-12909). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12910 |
|
SQL Injection in sqli (CVE-2017-12910)
SQL injection in sqli (CVE-2017-12910). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11150 |
|
OS Command Injection in synology (CVE-2017-11150)
OS command injection in synology (CVE-2017-11150). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12798 |
|
Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12798)
cross-site scripting in nexusphp-project (CVE-2017-12798). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12774 |
|
SQL Injection in finecms-project (CVE-2017-12774)
SQL injection in finecms-project (CVE-2017-12774). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12777 |
|
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
|
| CVE-2014-9701 |
|
Cross-Site Scripting (XSS) in mantisbt (CVE-2014-9701)
cross-site scripting in mantisbt (CVE-2014-9701). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11151 |
|
Authentication Bypass in synology (CVE-2017-11151)
authentication bypass in synology (CVE-2017-11151). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11152 |
|
Path Traversal in path-traversal (CVE-2017-11152)
path traversal in path-traversal (CVE-2017-11152). Data can be tampered with by attackers.
|
| CVE-2017-11153 |
|
Unsafe Deserialization in deserialization (CVE-2017-11153)
vulnerability in deserialization (CVE-2017-11153). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11154 |
|
Unrestricted File Upload in synology (CVE-2017-11154)
vulnerability in synology (CVE-2017-11154). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11155 |
|
Vulnerability in synology (CVE-2017-11155)
vulnerability in synology (CVE-2017-11155). Confidential information can be exposed externally.
|
| CVE-2017-12655 |
|
Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12655)
cross-site scripting in nexusphp-project (CVE-2017-12655). Risk of unauthorized operations or information disclosure.
|